Security Basics mailing list archives
Re: DOS Attack?
From: Suramya Tomar <security () suramya com>
Date: Thu, 25 Nov 2004 14:03:11 -0500
Hi Shawn,

I would suggest that you check the internal machine for viruses and spyware. You could also try moving the machine to a different IP and see if that changes anything. If the attack is resumed after you move the IP, then you should take that system off the network and do an integrity check on the machine. You can also blacklist the external host at the firewall, preventing it from contacting any systems on your network, which should fix the DOS problem.

Hope this helps.

- Suramya
Hi List, I'm currently experiencing network outages due to what appears to be DOS attacks. I'm running a wireless ISP using a Cisco 2611 and CBAC and I have a /24 public address range. During the outage I can see traffic from a single external host sending thousands of packets to a single internal host. I don't have port 80 inbound open in my ACLs so I don't understand how the external host is even able to contact the internal host to begin with. Secondly, how is it possible for an attack on 1 internal host to cripple the rest of my network? Any feedback would be welcome. Thanks. shawn
--
Name : Suramya Tomar
Homepage URL: http://www.suramya.com

Disclaimer: Any errors in spelling, tact, or fact are transmission errors.